It makes much more sense and is much more consistent with the rest of
OpenSSL to have to opt out of hardware support instead of having to opt in to it. And since the hardware support modules are self-contained and actually check that the vendor stuff is loadable, it still works as expected, or at least, so I think...
parent
2a7619d762
commit
3257904c56
6 changed files with 32 additions and 30 deletions
17
Configure
17
Configure
|
@ -10,7 +10,7 @@ use strict;
|
|||
|
||||
# see INSTALL for instructions.
|
||||
|
||||
my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [hw-xxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
|
||||
my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
|
||||
|
||||
# Options:
|
||||
#
|
||||
|
@ -23,11 +23,10 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
|
|||
# default). This needn't be set in advance, you can
|
||||
# just as well use "make INSTALL_PREFIX=/whatever install".
|
||||
#
|
||||
# hw-xxx compile support for specific crypto hardware. Generic
|
||||
# OpenSSL-style methods relating to this support are
|
||||
# always compiled but return NULL if the hardware support
|
||||
# isn't compiled. Currently, hw-cswift is the only support
|
||||
# of this form.
|
||||
# no-hw-xxx do not compile support for specific crypto hardware.
|
||||
# Generic OpenSSL-style methods relating to this support
|
||||
# are always compiled but return NULL if the hardware
|
||||
# support isn't compiled.
|
||||
# rsaref use RSAref
|
||||
# [no-]threads [don't] try to create a library that is suitable for
|
||||
# multithreaded applications (default is "threads" if we
|
||||
|
@ -475,12 +474,12 @@ foreach (@ARGV)
|
|||
$openssl_algorithm_defines .= "#define NO_MDC2\n";
|
||||
}
|
||||
}
|
||||
elsif (/^hw-(.+)$/)
|
||||
elsif (/^no-hw-(.+)$/)
|
||||
{
|
||||
my $hw=$1;
|
||||
$hw =~ tr/[a-z]/[A-Z]/;
|
||||
$flags .= "-DHW_$hw ";
|
||||
$openssl_other_defines .= "#define HW_$hw\n";
|
||||
$flags .= "-DNO_HW_$hw ";
|
||||
$openssl_other_defines .= "#define NO_HW_$hw\n";
|
||||
}
|
||||
elsif (/^386$/)
|
||||
{ $processor=386; }
|
||||
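Review bot: The new `no-hw-(.+)` branch accepts any suffix, so now that hardware support is compiled in by default, a misspelled device name only defines an unused `NO_HW_...` macro and leaves the support enabled with no diagnostic. The guards elsewhere in this commit use only CSWIFT, NCIPHER and ATALLA, so the match could be restricted to those names, e.g. `elsif (/^no-hw-(cswift|ncipher|atalla)$/)`, with any other `no-hw-` argument rejected by printing `$usage`. The captured text also goes unchecked into `-DNO_HW_$hw` and the generated `#define`, which a fixed name list would avoid. The old `hw-xxx` spelling no longer matches this branch; what happens to it depends on later branches of the `foreach (@ARGV)` loop, which are outside the hunk.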
|
|
|
@ -130,21 +130,21 @@ typedef struct engine_st
|
|||
/* Returns a structure of software only methods (the default). */
|
||||
ENGINE *ENGINE_openssl();
|
||||
|
||||
#ifdef HW_CSWIFT
|
||||
#ifndef NO_HW_CSWIFT
|
||||
/* Returns a structure of cswift methods ... NB: This can exist and be
|
||||
* "used" even on non-cswift systems because the "init" will fail if the
|
||||
* card/library are not found. */
|
||||
ENGINE *ENGINE_cswift();
|
||||
#endif /* HW_CSWIFT */
|
||||
#endif /* !NO_HW_CSWIFT */
|
||||
|
||||
#ifdef HW_NCIPHER
|
||||
#ifndef NO_HW_NCIPHER
|
||||
ENGINE *ENGINE_ncipher();
|
||||
#endif /* HW_NCIPHER */
|
||||
#endif /* !NO_HW_NCIPHER */
|
||||
|
||||
#ifdef HW_ATALLA
|
||||
#ifndef NO_HW_ATALLA
|
||||
/* Returns a structure of atalla methods. */
|
||||
ENGINE *ENGINE_atalla();
|
||||
#endif /* HW_ATALLA */
|
||||
#endif /* !NO_HW_ATALLA */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
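Review bot: With the guards inverted to `#ifndef NO_HW_*`, the three engine prototypes are visible to every includer unless the matching `NO_HW_*` macro is defined in that translation unit, so this public header only agrees with the built library if the Configure-generated defines reach it. Configure writes them to `$openssl_other_defines`; whether this header pulls that in is not visible in the hunk and is worth confirming, otherwise an application built against a `no-hw-cswift` library compiles a call to `ENGINE_cswift()` and fails only at link time. `ENGINE_ncipher()` is also the only one of the three without a comment; `/* Returns a structure of ncipher methods. */` would match its neighbours.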
|
|
|
@ -185,18 +185,18 @@ static int engine_internal_check(void)
|
|||
* with our statically compiled-in engines. */
|
||||
if(!engine_list_add(ENGINE_openssl()))
|
||||
return 0;
|
||||
#ifdef HW_CSWIFT
|
||||
#ifndef NO_HW_CSWIFT
|
||||
if(!engine_list_add(ENGINE_cswift()))
|
||||
return 0;
|
||||
#endif /* HW_CSWIFT */
|
||||
#ifdef HW_NCIPHER
|
||||
#endif /* !NO_HW_CSWIFT */
|
||||
#ifndef NO_HW_NCIPHER
|
||||
if(!engine_list_add(ENGINE_ncipher()))
|
||||
return 0;
|
||||
#endif /* HW_CSWIFT */
|
||||
#ifdef HW_ATALLA
|
||||
#endif /* !NO_HW_NCIPHER */
|
||||
#ifndef NO_HW_ATALLA
|
||||
if(!engine_list_add(ENGINE_atalla()))
|
||||
return 0;
|
||||
#endif /* HW_CSWIFT */
|
||||
#endif /* !NO_HW_ATALLA */
|
||||
engine_list_flag = 1;
|
||||
return 1;
|
||||
}
|
||||
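Review bot: Each failed hardware `engine_list_add()` still makes `engine_internal_check()` return 0 before `engine_list_flag` is set, and with the guards now opt-out that path is compiled into every default build. A failure to register an optional hardware engine therefore appears to take down the software engine registered just above it, and a later call would presumably try to add `ENGINE_openssl()` a second time; how callers treat the 0 return is outside the hunk. Consider making the hardware additions best-effort, or at least stating the behaviour above the first `#ifndef`, e.g. `/* Hardware engines are compiled in unless no-hw-xxx was given to Configure; a failed add aborts the whole list setup. */`. The function's opening lines are outside the hunk.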
|
|
|
@ -63,7 +63,7 @@
|
|||
#include "engine_int.h"
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#ifdef HW_ATALLA
|
||||
#ifndef NO_HW_ATALLA
|
||||
|
||||
#include "vendor_defns/atalla.h"
|
||||
|
||||
|
@ -153,6 +153,7 @@ static ENGINE engine_atalla =
|
|||
NULL,
|
||||
atalla_init,
|
||||
atalla_finish,
|
||||
NULL, /* no ctrl() */
|
||||
0, /* no flags */
|
||||
0, 0, /* no references */
|
||||
NULL, NULL /* unlinked */
|
||||
|
@ -432,4 +433,4 @@ static int atalla_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
|
|||
return atalla_mod_exp(r, a, p, m, ctx);
|
||||
}
|
||||
|
||||
#endif /* HW_ATALLA */
|
||||
#endif /* !NO_HW_ATALLA */
|
||||
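Review bot: The `engine_atalla` initializer is positional and its hunk grows it by one entry (7 new lines for 6 old), which suggests the table had drifted out of step with the ENGINE structure while this file was only built on request. Because the neighbouring slots hold `NULL` and `0`, a missing entry shifts later values into the wrong members without a compiler diagnostic. Labelling every slot with the member it fills, as the trailing entries already do (`/* no ctrl() */`, `/* no flags */`), and checking the cswift and ncipher tables against the same structure would make such drift visible now that all three are compiled by default. The initializer starts above the hunk.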
|
|
|
@ -63,7 +63,7 @@
|
|||
#include "engine_int.h"
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#ifdef HW_CSWIFT
|
||||
#ifndef NO_HW_CSWIFT
|
||||
|
||||
/* Attribution notice: Rainbow have generously allowed me to reproduce
|
||||
* the necessary definitions here from their API. This means the support
|
||||
|
@ -729,5 +729,4 @@ static int cswift_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
|
|||
return cswift_mod_exp(r, a, p, m, ctx);
|
||||
}
|
||||
|
||||
#endif /* HW_CSWIFT */
|
||||
|
||||
#endif /* !NO_HW_CSWIFT */
|
||||
|
|
|
@ -64,7 +64,7 @@
|
|||
#include "engine_int.h"
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#ifdef HW_NCIPHER
|
||||
#ifndef NO_HW_NCIPHER
|
||||
|
||||
/* Attribution notice: nCipher har said several times that it's OK for
|
||||
* us to implement a general interface to their boxes, and recently declared
|
||||
|
@ -471,15 +471,19 @@ static int hwcrhk_ctrl(int cmd, long i, void *p, void (*f)())
|
|||
switch(cmd)
|
||||
{
|
||||
case ENGINE_CTRL_SET_LOGSTREAM:
|
||||
{
|
||||
BIO *bio = (BIO *)p;
|
||||
|
||||
if (logstream)
|
||||
{
|
||||
BIO_free(logstream);
|
||||
logstream = NULL;
|
||||
}
|
||||
if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
|
||||
logstream = (BIO *)p;
|
||||
logstream = bio;
|
||||
else
|
||||
ENGINEerr(ENGINE_F_HWCRHK_CTRL,ENGINE_R_BIO_WAS_FREED);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
ENGINEerr(ENGINE_F_HWCRHK_CTRL,
|
||||
|
@ -768,5 +772,4 @@ static void log_message(void *logstream, const char *message)
|
|||
CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
|
||||
}
|
||||
|
||||
#endif /* HW_NCIPHER */
|
||||
|
||||
#endif /* !NO_HW_NCIPHER */
|
||||
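Review bot: In the `ENGINE_CTRL_SET_LOGSTREAM` case, `bio` is dereferenced in `CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO)` without a NULL check, so a caller passing `p == NULL` crashes inside the control call after the old stream has already been freed. A guard placed after the `BIO_free` block, `if (bio == NULL) break;`, would make NULL mean "no log stream". In the `else` branch the reference count has already been incremented on a BIO that the code then reports as freed; the increment is not undone, and touching the object is itself unsafe if it really was released, so the check cannot be relied on to detect a stale pointer. `logstream` is also replaced here without holding `CRYPTO_LOCK_BIO`, which `log_message()` releases at the end of this file; whether a concurrent log call can see the freed stream is not visible from the hunk. `hwcrhk_ctrl` continues outside the hunk.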
|
|